Test-signing MagicAAP #425

kernelb00t · 2025-03-25T17:00:53Z

kernelb00t
Mar 25, 2025

The problem: To install MagicAAP properly, I have to put Windows in test mode. This is not a proper way to install a custom driver, leading to increased attack surface and multiple insecurities. And it disables secure boot. And there are no updates for this driver. Great!

The solution: Following Microsoft recommendation for test drivers.

We do not have (and/or want?) a signing cert from Microsoft, so we have to manage our own.

The second problem: The signing process is slow and complex.

The second solution: A documentation, then maybe a script?

So, let's break it down :

Get Windows SDK and driver kit.
Check if signtool, mkcert are present.
Use mkcert to make a driver signing cert.
Install the certificate in the trust store.
Use signtool to sign the driver.
Install and reboot.

Are there any obstacles code-wise? Does the code use methods that ABSOLUTELY require test mode apart from the fact that the driver is not signed?

steam3d · 2025-03-25T17:06:29Z

steam3d
Mar 25, 2025
Maintainer

Hi @kernelb00t . There are no ways of others. Please read this:
https://learn.microsoft.com/en-us/windows-hardware/drivers/install/driver-signing

Why the diver is not signed can be found in Discord

0 replies

kernelb00t · 2025-03-25T18:47:20Z

kernelb00t
Mar 25, 2025
Author

https://learn.microsoft.com/en-us/windows-hardware/drivers/install/installing-test-signed-driver-packages
This is possible indeed!

You have to manage your certificate with a script. But you don't need to go test mode!

The link is talking about production use. But test use is still possible! I'm currently testing, and I'll update when it's OK.

3 replies

steam3d Mar 25, 2025
Maintainer

I don't think the Kernel Driver will work. Based on forums related to cheats, the Kernel Driver is used for game cheats and cannot be launched in the same way without test mode. Adding a certificate in Windows doesn't have any effect. Windows doesn't load such drivers.

My driver is Kernel Driver so it will not load without test mode.

steam3d Mar 25, 2025
Maintainer

You can't load a kernel-mode driver with a self-signed certificate without Test Mode because Windows requires all drivers to be signed by a trusted certificate authority.

steam3d Mar 25, 2025
Maintainer

So it makes no sense to sign, in test mode the signature is not needed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Test-signing MagicAAP #425

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 3 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Test-signing MagicAAP #425

Uh oh!

kernelb00t Mar 25, 2025

Replies: 2 comments · 3 replies

Uh oh!

Uh oh!

steam3d Mar 25, 2025 Maintainer

Uh oh!

Uh oh!

kernelb00t Mar 25, 2025 Author

Uh oh!

steam3d Mar 25, 2025 Maintainer

Uh oh!

steam3d Mar 25, 2025 Maintainer

Uh oh!

steam3d Mar 25, 2025 Maintainer

kernelb00t
Mar 25, 2025

Replies: 2 comments 3 replies

steam3d
Mar 25, 2025
Maintainer

kernelb00t
Mar 25, 2025
Author

steam3d Mar 25, 2025
Maintainer

steam3d Mar 25, 2025
Maintainer

steam3d Mar 25, 2025
Maintainer